Healthcare leaders are concerned about medical device security, and for good reason. Security vulnerabilities in medical devices present real risks to patient safety, data privacy, and network stability. Healthcare organizations often have limited resources dedicated to addressing these security issues, yet the healthcare industry remains the largest target of cyberattacks compared to other industries. What are the key factors making medical device security such a critical issue, and how can we account for these factors in potential solutions?
The Food and Drug Administration (FDA) recently released industry guidance for the postmarket management of cybersecurity in medical devices. We are pleased to see the FDA address medical device cybersecurity given the increasing frequency and severity of cyberattacks against healthcare organizations. A recent report shows cyberattacks against healthcare organizations increased 63% in 2016, a trend expected to continue in 2017. Medical device cybersecurity is an urgent issue we must address to help protect healthcare organizations from dangers such as ransomware and data breaches. However, while the recently released FDA guidance provides good recommendations for the primary medical device market, it overlooks a large, growing segment of medical devices: the secondary market.